>>>>> "AG" == Alexander Gurvitz <[email protected]> writes:
AG> I don't quite understand what is the purpose of Cert. Usage 0 and 1
AG> TLSA records ("CA constraint" and "Service Certificate Constraint").
The idea was for something akin to pinning.
Some only wanted to prevent rogue CAs in the bowsers' sets from
affecting them.
Others of us wanted to replace the CA concept with a trust path to
the dnssec root.
The four possible usage types are the resulting compromise.
-JimC
--
James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
